Individuals such as network administrators, programmers, risk managers, and other key individuals interested in establishing and maintaining secure user account policies and practices

Prerequisite
None

Expected Duration
115 minutes

Description
You can probably think of at least one major account security breach you’ve heard about. When a security breach happens, it puts your customers, assets, and entire reputation at risk, so knowing how to identify and respond to potential attacks can be the difference between an organization’s continued success and complete failure. In this course, you’ll learn about enhancing user account security by establishing logon, logoff, and advanced password management protocols. You’ll also learn about safe and secure policies for advanced user account management, such as account change and reset practices. Finally, this course covers effective best practices for handling user account security breaches, such as neutralizing attacks and safely handling compromised systems to limit any further damage to your systems, network, and other user assets.

Objective

Secure Logon Policies

start the course

describe the characteristics and purpose of the logon feature

identify best practices during development to secure site logon

use Secure Sockets Layer or SSL to enhance logon security

identify best practices for managing multiple simultaneous sessions from the same user

distinguish between the common types of attacks on logon pages

describe best practices for detecting and preventing logon fraud

Secure Logoff Policies

identify the purpose and characteristics of implementing logoff requirements

identify the best practices and purpose of session expiry

identify the characteristics and best practices for remote logoff procedures

describe the purpose and techniques for implementing Cross-Site Request Forgery or CSRF protection on the logoff feature

Secure Password Storage Policies

describe best practices for password storage policies

identify the best practices for hashing passwords for storage

Secure Password Reset Policies

identify the characteristics and purpose of password reset

identify the best practices for implementing timed password resets

describe the best practices for strengthening password reset with verification questions

identify the benefits and challenges of using password hints and best practices

Secure Account Change Policies

describe the characteristics of account detail changes and how and why they carry risk of attack

identify the specific account attributes that hackers target

describe the best practices for using password verification during account change activities

identify the best practices for implementing user account change notifications

identify the best practices for confirming user account changes with users

Mitigating Risk from Successful Attacks

identify the best practices for dealing with compromised systems after a successful security attack

identify the best practices when collecting evidence and information after a successful attack

describe the best practices for neutralizing user account security attacks

Practice: Establish Secure Account Access Policies

identify appropriate logon, logoff, and account change policies, and describe the best practices for responding to account compromise